Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




25 posts

Geek


Topic # 68690 26-Sep-2010 14:47
Send private message

I want to print a message via php only if my mysql statement performs

if ( $_POST['Delete'])
{
    $Customer_Code_form = $_POST['Customer_Code'];
    mysql_query("DELETE FROM customer WHERE Customer_Code = '$Customer_Code_form'") or die(mysql_error());
   
    Echo ">>>$Customer_Code_form has been deleted<<<";
   
}

right now this code will output whatever number was sent to it where or not something was deleted... and im too hung over atm to figure out how to solve this myself

Create new topic
2356 posts

Uber Geek
+1 received by user: 374

Trusted

  Reply # 384549 26-Sep-2010 15:18
Send private message

Do you really trust $_POST putting it into a mysql query without quoting it?

try a little $Customer_Code_form = mysql_quote($_POST['Customer_Code']);

If you are echoing html then...

echo "<center>&gt;&gt;&gt; $Customer_Code_form has been deleted &lt;&lt;&lt;</center>"; is what you need to do.

With the result thingy..

what you need to look at is:

http://php.net/manual/en/function.mysql-query.php

so something like

if ($mysql_query (......)) {
       echo "......"; # OK Result
       } else {
      echo "......."; # ERROR Result
}

     


BDFL - Memuneh
61807 posts

Uber Geek
+1 received by user: 12451

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 384556 26-Sep-2010 15:29
Send private message
 
 
 
 




25 posts

Geek


  Reply # 384566 26-Sep-2010 15:56
Send private message

Cheers guys and dont worry this isnt going to be the final code, im passing it over to another coder to put in the catches and testing so its not unsafe :D

469 posts

Ultimate Geek
+1 received by user: 107


  Reply # 384567 26-Sep-2010 16:06
Send private message

just so long as they atleast put in a few mysql_real_escape_string()'s.

It's a really good habit to put make your code as safe as possible as early as possible. Relying on someone else to run through your code and do all the securing is running a real risk that they'll miss something, the risk increases exponentially as your code grows too.



25 posts

Geek


  Reply # 384570 26-Sep-2010 16:17
Send private message

Yeah this still aint working

    $delete = ("DELETE FROM customer WHERE Customer_Code = '$Customer_Code_form'");
    if ( mysql_query($delete))
    {
        Echo "<center>>>>$Customer_Code_form has been deleted<<<</center>";
    }
    else { echo "fail";}

469 posts

Ultimate Geek
+1 received by user: 107


  Reply # 384579 26-Sep-2010 16:59
Send private message

You could add some conditioning/checking by creating a couple of Mysql queries for the customer ID before and after deleting....

I.E. check to see whether the customer ID exists, if it exists, delete the variable, then check again after the delete whether the variable exists or not, and build the logic around that.

Or you could probably use mysql result...

2356 posts

Uber Geek
+1 received by user: 374

Trusted

  Reply # 384612 26-Sep-2010 18:41
Send private message

ah..

http://php.net/manual/en/function.mysql-affected-rows.php


if (mysql_affected_rows() > 0) {
 echo "something got deleted";
  } else {
 echo "nothing got deleted";
}



Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.